From sbryzak at redhat.com Sun Jun 12 09:15:41 2011
Content-Type: multipart/mixed; boundary="===============0500983977394263955=="
MIME-Version: 1.0
From: Shane Bryzak <sbryzak at redhat.com>
To: seam-dev at lists.jboss.org
Subject: Re: [seam-dev] Extended validation constraints
Date: Sun, 12 Jun 2011 23:15:36 +1000
Message-ID: <4DF4BBF8.8010102@redhat.com>
In-Reply-To: BANLkTi=mpz49DPB7qZzGcMOzGohzmq2qbQ@mail.gmail.com

--===============0500983977394263955==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

I would like to see it in 4.2, but that's just because I need it for a =

new Seam app I'm working on ;)  As for where it belongs, I'm not sure.. =

that's really up to Hardy and team to decide... off the top of my head I =

can't think of any particular other validations besides @WebSafe, =

however I'm sure that there will be other useful validations that would =

be worth implementing and possibly a HV Commons module would be the =

right place for them.

Shane


On 12/06/11 20:31, Gunnar Morling wrote:
> Hi Shane,
>
> the @WebSafe constraint is a great idea.
>
> I'm not totally sure what the right place for it would be, though. The
> constraints we have in HV so far are independent from any application
> layer. @WebSafe would be the first one specific to the web layer. You
> mentioned possible other constraints, do you have something specific
> in mind already?
>
> Maybe it would also be a good idea to have a separate library
> exclusively for custom constraints which could be used from everywhere
> ("HV Commons" or similar).
>
> I'm also CC'ing Hardy and Kevin from the HV team. What do you guys
> think? There is already a pull request with the constraint at GitHub.
> We already have a CR for 4.2. If we decide to add @WebSafe to HV do
> you think we should add this in 4.2 or to the next release?
>
> --Gunnar
>
>
> 2011/6/10 Shane Bryzak<sbryzak(a)redhat.com>:
>> Sure, if you think it's suitable.  Seam Validation is based on HV anyway=
s.
>>
>> On 10/06/11 18:32, Emmanuel Bernard wrote:
>>> Why not in Hibernate Validator?
>>>
>>> On 10 juin 2011, at 10:02, Shane Bryzak wrote:
>>>
>>>> Hi Gunnar,
>>>>
>>>> I had an idea today for a new validation constraint called @WebSafe - =
in
>>>> summary what it would do is validate a rich text value provided by the
>>>> user to ensure that it contains no malicious code, such as embedded
>>>> <script>    elements.  The implementation for this would use JTidy to
>>>> convert the value to a DOM tree, after which it would walk the nodes of
>>>> the tree and locate any<script>    tags, and if any are present the
>>>> validation would fail.
>>>>
>>>> Anyway, the implementation isn't so important - what I was wondering
>>>> though is whether you think something like this would be useful to have
>>>> in the Seam Validation module.  I tend to think that it would be (and =
we
>>>> can probably come up with quite a few other useful validation
>>>> constraints also) but I would like to know what you think about this.
>>>>
>>>> Shane
>>>> _______________________________________________
>>>> seam-dev mailing list
>>>> seam-dev(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/seam-dev
>>


--===============0500983977394263955==--